package com.gzc.web.filter;

import org.springframework.stereotype.Component;

import com.gzc.common.Const;
import com.gzc.common.exception.DocumentException;
import com.gzc.model.User;
import com.gzc.util.ActionUtil;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

@SuppressWarnings("serial")
@Component("authInterceptor")
public class AuthInterceptor extends AbstractInterceptor {

	@Override
	public String intercept(ActionInvocation invocation) throws Exception {
		// 获取ACTION的名字
		String an = invocation.getProxy().getActionName();
		if(!an.startsWith(Action.LOGIN)){
			User loginUser = (User) ActionContext.getContext().getSession().get(Const.LOGIN_USER_KEY);
			if(null == loginUser){
				// 未登陆则直接跳到登陆界面
				return Action.LOGIN;
			}
			//来进行其他权限控制
			if(loginUser.getType() != 1) {
				//普通用户
				if(!ActionUtil.checkUrl(an)) {
					throw new DocumentException("需要管理员才能访问该功能");
				}
			}
		}
		return invocation.invoke();
	}

}
